A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
earned patent term adjustment. See 37 CFR 1.704(b).

DETAILED ACTION

Priority 

1. No claim for priority has been made in this application.

The effective filing date for the subject matter defined in the pending claims in
this application is 11/15/2001.



Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

2. Claim 4 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

Claim 4 is indefinite because the "specific protocol" set forth is unclear and there 
is no specific scope addressed in the specification as to where the "specific" protocol is 
referred (i.e., what is the scope with respect to).

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraph of 35 U.S.C. 102 that 
forms the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 331(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

3. Claims 1, 5, 7, 11, 14, 17, 18 and 20 are rejected under 35 U.S.C. 102(e) as
being anticipated by Cheng (Patent Number: 6823462), hereinafter referred to as 
Cheng. 

As per claim 1, 14, 17, 18 and 20, Cheng teaches a method for determining 
secure endpoints of tunnels in a network that uses Internet security protocol (Cheng: 
see for example, Column 7 Line 21 - 15), the method comprising the 
computer-implemented steps of:

sending from a first network device a first description of network traffic that is to 
be protected; receiving, at the first network device and from a second network device, a 
second description of network traffic that is to be protected (Cheng: see for example, 
Figure 4 & Column 7 Line 35- 52 and Column 7 Line 23 - 25: entities to which network 
traffic may be directed are referred to as "hosts". Initiator as taught by Cheng is 
equivalent to the 1st network device associated with the source host and Responder is
equivalent to the 2nd network device associated with the destination host);

creating and storing a third description of network traffic that is to be protected
based on determining a logical intersection of the first description of network traffic and 
the second description of network traffic (Cheng: see for example, Column 7 Line 26 - 
30: Cheng teaches establishing a tunnel having a tunnel definition by negotiating a 
common security policy associated with the client and the server); and 

establishing the secure connection between the first network device and the 
second network device based on the third description of network traffic (Cheng: see for 
example, Column 7 Line 26 - 30). 

As per claim 5, Cheng teaches the claimed invention as described above (see 
claim 1). Cheng teaches the first description comprises a packet summary value that
summarizes packets in the network traffic to be protected, and wherein the second 
description is generated by the second network device based on comparing the packet 
summary value to one or more access control lists that are managed by the second 
network device (Cheng: see for example, Figure 14 & Column 7 Line 46 - 57: security 
policy must fundamentally include access control rules). 

As per claim 7, Cheng teaches the claimed invention as described above (see 
claim 1). Cheng further teaches determining, at the second network device, whether
the packet summary matches a security policy information that is associated with the
second network device; wherein the packet summary is associated with the first
description of network traffic (Cheng: see for example, Column 7 Line 46 - 48).

As per claim 11, Cheng teaches the claimed invention as described above (see
claim 1). Cheng further teaches receiving at the first network device an IP packet from
a source end host that is associated with the first network device; verifying that the IP
packet falls within the third description of network traffic (Cheng: see for example, 
Column 6 Line 58 - 60, Column 7 Line 21 - 30 and Column 7 Line 35 - 52). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

4. Claims 2 - 4, 6, 8 - 10, 12 - 13, 15 - 16 and 19 are rejected under 35 U.S.C.
103(a) as being unpatentable over Cheng (Patent Number: 6823462), hereinafter 
referred to as Cheng, in view of Bendinelli (Patent Number: 6631416), hereinafter 
referred to as Bendinelli. 

As per claim 19, Cheng teaches an apparatus for determining secure endpoints 
of tunnels in a network that uses Internet security protocol (Cheng: see for example, 
Column 7 Line 21 - 15), comprising:

means for sending from a first network device a first description of network traffic
that is to be protected; means for receiving, at the first network device and from a
second network device, a second description of network traffic that is to be protected
(Cheng: see for example, Figure 4 & Column 7 Line 35 - 52 and Column 7 Line 23 -
25: entities to which network traffic may be directed are referred to as "hosts". Initiator
as taught by Cheng is equivalent to the 1st network device associated with the source
host and Responder is equivalent to the 2nd network device associated with the
destination host). 

However, Cheng does not disclose expressly the specific information described 
in the network traffic when exchanged between the 1st network device and 2nd network
device includes port address, protocol type and proxy related information.

Bendinelli teaches the specific information described in the network traffic when
exchanged between the 1st network device and 2nd network device includes port
address, protocol type and proxy related information (Bendinelli: see for example, 
Figure 14 & Column 14 Line 18-32, Column 38 Line 30 - 45, Column 40 Line 27 - 42 
and Column 45 Line 48 - 52). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Bendinelli within the system of Cheng 
because Bendinelli teaches providing a method that can easily and effectively establish 
one or more virtual private networks over a local or wide geographical area to enable a 
secure tunnel (Bendinelli: see for example, Column 3 Line 50 - 60 and Column 14 Line 
25-26).

means for creating and storing a third description of network traffic that is to be
protected based on determining a logical intersection of the first description of network 
traffic and the second description of network traffic (Cheng: see for example, Column 8 
Line 53-62); and 

means for establishing the secure connection between the first network device 
and the second network device based on the third description of network traffic (Cheng: 
see for example, Column 7 Line 27 - 30). 

As per claim 2 and 15, Cheng teaches the claimed invention as described above 
(see claim 1 and 14 respectively). Cheng does not disclose expressly the first 
description comprises a first set of proxies, wherein the second description comprises a 
second set of proxies. 

Bendinelli teaches the first description comprises a first set of proxies, wherein 
the second description comprises a second set of proxies (Bendinelli: see for example, 
Figure 14 & Column 38 Line 30 - 46 and Column 14 Line 30 - 32). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Bendinelli within the system of Cheng 
because Bendinelli teaches providing a method that can easily and effectively establish 
one or more virtual private networks over a local or wide geographical area to enable a 
secure tunnel (Bendinelli: see for example, Column 3 Line 50 - 60 and Column 14 Line 
25-26).

Accordingly, Cheng in view of Bendinelli teaches the first description comprises a
first set of proxies, wherein the second description comprises a second set of proxies, 
and wherein the step of creating and storing a third description further comprises the 
step of determining a largest common subset between the first set of proxies and the 
second set of proxies. 

As per claim 3 and 16, Cheng teaches the claimed invention as described above 
(see claim 1 and 14 respectively). Cheng does not disclose expressly the first
description comprises a first protocol and the second description comprises a second 
protocol. 

Bendinelli teaches the first description comprises a first protocol and the second 
description comprises a second protocol (Bendinelli: see for example, Figure 14 & 
Column 40 Line 28 - 37). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Bendinelli within the system of Cheng 
because Bendinelli teaches providing a method that can easily and effectively establish 
one or more virtual private networks over a local or wide geographical area to enable a 
secure tunnel (Bendinelli: see for example, Column 3 Line 50-60 and Column 14 Line 
25-26). 

Accordingly, Cheng in view of Bendinelli teaches the first description comprises a 
first protocol and the second description comprises a second protocol, and further
comprising the steps of determining a third protocol for the third description based on
determining a logical intersection of the first protocol and the second protocol. 

As per claim 4, claim 4 does not further teach over claim 3 because the result of 
a third protocol is based upon determining a logical intersection of the first protocol and 
the second protocol. Therefore, see same rationale addressed above in rejecting claim 
3. 

As per claim 6, Cheng teaches the claimed invention as described above (see 
claim 1). Cheng further teaches the first description of network traffic comprises a
packet summary includes IP protocol information that is associated with the network 
traffic emanating from a source end host, wherein the source end host is associated 
with the first network device; an IP address that is associated with the source end host; 
an IP address that is associated with the destination end host (Cheng: see for example, 
Column 7 Line 21 - 30, Column 6 Line 11-15 and Figure 5). 

Cheng does not disclose expressly a packet summary that includes: port 
information that is associated with the source end host; port information that is 
associated with a destination end host, wherein the destination end host is associated 
with the second network device; and a proxy address of the source end host. 

Bendinelli teaches a packet summary that includes: port information that is 
associated with the source end host; port information that is associated with a 
destination end host, wherein the destination end host is associated with the second 
network device; and a proxy address of the source end host (Bendinelli: see for
example, Figure 14 / Figure 15A & Column 14 Line 18-32, Column 38 Line 30 - 45,
Column 40 Line 27 - 42 and Column 45 Line 48 - 52).

Application/Control Number: 09/990,814

Art Unit: 2131

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Bendinelli within the system of Cheng 
because Bendinelli teaches providing a method that can easily and effectively establish 
one or more virtual private networks over a local or wide geographical area to enable a 
secure tunnel (Bendinelli: see for example, Column 3 Line 50 - 60 and Column 14 Line 
25-26). 

Cheng further teaches the second description is generated by the second 
network device based on comparing the packet summary to one or more access control 
lists that are managed by the second network device (Cheng: see for example, Column 
7 Line 46 - 57). 

As per claim 8, Cheng teaches the claimed invention as described above (see 
claim 1). Cheng further teaches the second description of network traffic comprises a
response that includes: IP protocol information that is associated with the network traffic
emanating from a destination end host, wherein the destination end host is associated
with the second network device; an IP address that is associated with the second
network device (Cheng: see for example, Column 7 Line 21 - 30, Column 6 Line 11 -
15 and Figure 5). 

Cheng does not disclose expressly proxy addresses that are associated with a 
destination end host.

Bendinelli teaches proxy addresses that are associated with a destination end
host (Bendinelli: see for example, Figure 15A & Column 38 Line 30 - 45). See the 
same rationale of combination applied herein as above in rejecting claim 2. 

As per claim 9, Cheng in view of Bendinelli teaches the claimed invention as 
described above (see claim 8). Bendinelli further teaches the Proxy addresses that are 
associated with the destination end host include a first subnet that includes the 
destination end host and a second subnet that includes a source end host, wherein the 
source end host is associated with the first network device (Bendinelli: see for example, 
Column 45 Line 48 - 52 and Figure 15A). 

As per claim 10, claim 10 encompasses the scope at least as described in claim 
6 because the results of a third protocol information, port information and proxy 
information are based upon determining a logical intersection (i.e. common set as 
taught by Cheng) between the first and the second description of network traffic. 
Therefore, see same rationale addressed above in rejecting claim 6. Besides that, in 
further regards to claim 10, Bendinelli further teaches additional protocol information 
(Bendinelli: see for example, Column 40 Line 26 - 46). 

As per claim 12, claim 12 is similar to claim 6 because the result of a third port 
information is based upon determining a logical intersection (i.e. common set as taught
by Cheng) between the first and the second description of network traffic. Therefore,
see same rationale addressed above in rejecting claim 6. 

As per claim 13, claim 13 is similar to claim 6 because the claim limitation is an
obvious outcome of the logical intersection as performed on the port information. 
Therefore, see same rationale addressed above in rejecting claim 6. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Longbit Chai whose telephone number is 571-272-3788.
The examiner can normally be reached on Monday-Friday 8:00am-4:00pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).